package com.gyf.szcrm.web.security;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity//启用web安全功能
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.headers()
                .frameOptions().sameOrigin()
                .httpStrictTransportSecurity().disable();

        http.authorizeRequests()
                .antMatchers("/courseorder/list").hasAnyAuthority("COURSEORDER_READ")
                .antMatchers("/courseorder/detail").hasAnyAuthority("COURSEORDER_READ")
                .antMatchers("/courseorder/listJson").hasAnyAuthority("COURSEORDER_READ")
                .antMatchers("/courseorder/add").hasAnyAuthority("COURSEORDER_ADD")
                .antMatchers("/courseorder/delete").hasAnyAuthority("COURSEORDER_DELETE")
                .antMatchers("/courseorder/save").hasAnyAuthority("COURSEORDER_SAVE")
                .antMatchers("/courseorder/edit").hasAnyAuthority("COURSEORDER_EDIT")
                .antMatchers("/login").permitAll()//代表login不需要拦截
                .antMatchers("/**").fullyAuthenticated()//设置所有访问路径都需要认证
                .and()
                .formLogin()//设置自己的登录页面
                .loginPage("/login");
                //.failureUrl("/login-error");//设置自己的失败页面
    }
}
